/**
 * Login page.
 *
 * Renders the login form and, on POST, validates it. The sign-in itself is
 * performed inside the form validators (see the note below); this action
 * only finalises the session afterwards (remember-me / forget-me, session
 * association) and writes the audit log entry. A request that already
 * carries an identity is forwarded to "goback" before anything else.
 */
public function indexAction()
{
    $registry = Zend_Registry::getInstance();
    $auth = Zend_Auth::getInstance();
    $config = $registry->get("config");
    $sessionConfig = $config['resources']['session'];

    Ml_Model_AntiAttack::loadRules();
    $credential = Ml_Model_Credential::getInstance();
    $logger = Ml_Model_Logger::getInstance();

    if ($auth->hasIdentity()) {
        return $this->_forward("goback");
    }

    $request = $this->getRequest();
    $form = $credential->loginForm();
    // Whether the anti-attack rules currently require a captcha from this client.
    $humanVerified = (bool) Ml_Model_AntiAttack::ensureHuman();

    if ($request->isPost()) {
        ignore_user_abort(true);

        // Workaround kept from the original author: the sign-in code lives in
        // the form validator because the password validator could not be made
        // to run after the captcha validator while keeping the captcha last on
        // screen. Consequently a failed validation must undo any identity a
        // validator may already have established (see the else branch).
        if ($form->isValid($request->getPost())) {
            $session = Ml_Model_Session::getInstance();
            // Both rememberMe() and ForgetMe() regenerate the session ID,
            // which is what ties the freshly authenticated identity to a new ID.
            $rememberChecked = $form->getElement("remember_me")->isChecked();
            if ($rememberChecked) {
                Zend_Session::rememberMe($sessionConfig['cookie_lifetime']);
            } else {
                Zend_Session::ForgetMe();
            }
            $session->associate($auth->getIdentity(), Zend_Session::getId());
            $logger->log(array("action" => "login", "username" => $form->getValue("username")));
            $this->_forward("goback");
        } else {
            // Undo a sign-in that a validator performed before another one failed.
            if ($auth->hasIdentity()) {
                $auth->clearIdentity();
            }
            $logger->log(array("action" => "login_denied", "username" => $form->getValue("username")));
            $this->view->errorlogin = true;
        }
    }

    // The first time the captcha is demanded, hide the "missing value" message.
    $challenge = $form->getElement("challenge");
    if (!$humanVerified && is_object($challenge)) {
        $challenge->setErrorMessages(array("missingValue" => ''));
    }

    $this->view->loginform = $form;
}
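/**
 * Login submit.
 *
 * Validates the login form against $_POST, resolves the typed name first as
 * an e-mail address and then as a profile name, authenticates the matching
 * profile and finally refuses accounts that are not activated or are hidden.
 * Every failure is reported through Application_Plugin_Alerts; the same
 * generic "Invalid username or password" alert is raised for an unknown
 * name, a non-"user" profile and a wrong password, so the existence of an
 * account is not disclosed to the caller.
 *
 * On a fully successful login the user is logged in and the request is
 * redirected, so control does not normally return to the caller then.
 *
 * @param object $form form exposing isValid() and getValue()
 * @return mixed|null the form when processing reached the end, or null when
 *                    the profile lookup or type check failed and an alert
 *                    was raised
 */
public function submitLoginForm($form)
{
    if (!$form->isValid($_POST)) {
        return $form;
    }

    // Generic failure alert; the translator is looked up lazily so the
    // registry is only touched when a failure actually happens.
    $invalidCredentials = function () {
        Application_Plugin_Alerts::error(
            Zend_Registry::get('Zend_Translate')->translate('Invalid username or password'),
            'on'
        );
    };

    $Profiles = new Application_Model_Profiles();
    $name_input = $form->getValue('name');
    $password = $form->getValue('password');
    $remember_me = $form->getValue('remember_me');

    // Loose comparison kept as in the original: getValue() may apply filters,
    // so the scalar type of the value is not guaranteed here.
    if ($remember_me == '0') {
        Zend_Session::ForgetMe();
    }

    // Try the input as an e-mail first, then as a profile name.
    $user_test = $Profiles->getProfileByField('email', $name_input);
    if (!isset($user_test)) {
        $user_test = $Profiles->getProfileByField('name', $name_input);
    }
    if (!isset($user_test)) {
        // show as alert to cover login modal error
        $invalidCredentials();
        return;
    }
    $name = $user_test->name;
    $email = $user_test->email;

    // Only regular profiles with an e-mail on file may log in.
    if ($user_test->type != 'user' || !$email) {
        // show as alert to cover login modal error
        $invalidCredentials();
        return;
    }

    $authAdapter = Application_Plugin_Common::getAuthAdapter();
    $authAdapter->setIdentity($email)->setCredential($password);
    $auth = Zend_Auth::getInstance();
    $authStorage = $auth->getStorage();
    $result = $auth->authenticate($authAdapter);

    if (!$result->isValid()) {
        // show as alert to cover login modal error
        $invalidCredentials();
        return $form;
    }

    // authenticate() has already stored the identity, so both rejection
    // branches below have to clear it again (force logout).
    if (!$Profiles->isActivated($name)) {
        Application_Plugin_Alerts::error(
            Zend_Registry::get('Zend_Translate')->translate('Please activate your account first'),
            'off'
        );
        // The profile name becomes a path segment of an href that is passed
        // with the third argument false (presumably "do not escape"), so it is
        // URL-encoded here to keep it from breaking out of the path or the
        // attribute.
        $base_url = Application_Plugin_Common::getFullBaseUrl();
        $resendactivation_link = $base_url . '/index/activate/resend/' . rawurlencode($user_test->name);
        Application_Plugin_Alerts::info(
            '<a href="' . $resendactivation_link . '">'
            . Zend_Registry::get('Zend_Translate')->translate('Click here to resend the activation email')
            . '</a>',
            'off',
            false
        );
        Zend_Auth::getInstance()->clearIdentity();
    } elseif ($user_test->is_hidden) {
        Application_Plugin_Alerts::error(
            Zend_Registry::get('Zend_Translate')->translate('This account has been deleted or suspended'),
            'off'
        );
        Zend_Auth::getInstance()->clearIdentity();
    } else {
        // everything ok, login user
        $user_data = $authAdapter->getResultRowObject();
        Application_Plugin_Common::loginUser($user_data, $authAdapter, $authStorage);
        // flush url
        Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector')->gotoUrl('');
    }

    return $form;
}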
/**
 * Login action.
 *
 * An already-authenticated user is redirected straight to the "give" page of
 * his or her location. Otherwise the login form is shown; on a valid POST the
 * e-mail/password pair is checked against the "users" table through
 * Zend_Auth_Adapter_DbTable, restricted to rows with active > 0 and
 * locked = 0. On success the user row (minus the password column) is written
 * to the auth storage, a welcome flash message is queued, the remember-me
 * choice is applied and the user is sent either to the URL saved in the
 * "Nolotiro" session namespace or to the "give" page of the woeid resolved
 * for the account. On failure an error message is put on the view.
 */
public function loginAction()
{
    //if the user is logged already redir to home
    $auth = Zend_Auth::getInstance();
    if ($auth->hasIdentity()) {
        $this->_redirect('/' . $this->lang . '/woeid/' . $this->location . '/give');
    }
    $request = $this->getRequest();
    $form = $this->_getUserLoginForm();
    if ($this->getRequest()->isPost()) {
        if ($form->isValid($request->getPost())) {
            // NOTE(review): the tag filter is also applied to the password, so a
            // password containing "<" is altered before it is hashed; this only
            // round-trips if registration applies the same filter — confirm.
            $f = new Zend_Filter_StripTags();
            $email = $f->filter($this->_request->getPost('email'));
            $password = $f->filter($this->_request->getPost('password'));
            //DDBB validation
            // setup Zend_Auth adapter for a database table
            // NOTE(review): the "production" ini section is hard-coded here
            // regardless of the environment the application runs in.
            $readConf = new Zend_Config_Ini(APPLICATION_PATH . '/config/nolotiro.ini', 'production');
            $dbAdapter = Zend_Db::factory($readConf->resources->db);
            $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);
            $authAdapter->setTableName('users');
            $authAdapter->setIdentityColumn('email');
            $authAdapter->setCredentialColumn('password');
            // Set the input credential values to authenticate against
            $authAdapter->setIdentity($email);
            // SECURITY: the credential column is compared with an unsalted MD5
            // of the password, which implies the table stores plain MD5 digests.
            // Moving to password_hash()/password_verify() requires migrating the
            // stored hashes and cannot be done in this method alone.
            $authAdapter->setCredential(md5(trim($password))); //trim whitespaces from copy&pasting the pass from email
            // do the authentication
            $auth = Zend_Auth::getInstance();
            //check first if the user is activated (by confirmed email)
            $select = $authAdapter->getDbSelect();
            $select->where('active > 0');
            //check if the user is not locked (spammers, bad users, etc)
            $select->where('locked = 0');
            $result = $authAdapter->authenticate();
            if ($result->isValid()) {
                // success: store database row to auth's storage
                // system. (Not the password though!)
                $data = $authAdapter->getResultRowObject(null, 'password');
                $auth->getStorage()->write($data);
                $woeid = $this->_helper->CheckWoeidUser->checkUserLogged($auth->getIdentity()->id);
                $this->_helper->_flashMessenger->addMessage($this->view->translate('Welcome,') . ' ' . $auth->getIdentity()->username);
                Zend_Session::start();
                //check if user wants to be remembered by 7 days
                $seconds = 60 * 60 * 24 * 7;
                // RememberMe()/ForgetMe() also regenerate the session ID, which
                // is what protects the new identity against session fixation.
                if ($this->_request->getPost('rememberme') == "1") {
                    Zend_Session::RememberMe($seconds);
                } else {
                    Zend_Session::ForgetMe();
                }
                //check the redir value if setted
                // NOTE(review): the target is read from the session namespace;
                // wherever "redir" is written it should be restricted to local
                // paths, otherwise this becomes an open redirect — confirm.
                $aNamespace = new Zend_Session_Namespace('Nolotiro');
                $redir = $aNamespace->redir;
                if ($redir !== null) {
                    $aNamespace->redir = null; //reset redir value
                    $this->_redirect($redir);
                } else {
                    //if redir empty goto main home ads and set the welcome logged in message
                    $this->_redirect('/' . $this->lang . '/woeid/' . $woeid . '/give');
                }
            } else {
                // failure: wrong username
                $view = $this->initView();
                $view->error = $this->view->translate('Wrong email or password, please try again');
            }
        }
    }
    // assign the form to the view
    $this->view->form = $form;
}
/**
 * Log the current user out.
 *
 * Expires the Disqus-related cookies (empty value, expiry in the past,
 * path "/"), drops the cached favourites from the session, clears the
 * remember-me state, destroys the session and redirects to the site root.
 */
public function logoutAction()
{
    // Expiry timestamp 1 (1970) lies in the past, so the browser discards them.
    $expiredCookies = array(
        'jbdisqus[userid]',
        'jbdisqus[username]',
        'jbdisqus[token]',
        'jbdisqus[refresh]',
        'jbdisqus',
        'jsdisqus',
    );
    foreach ($expiredCookies as $cookieName) {
        setcookie($cookieName, "", 1, "/");
    }

    unset($this->session->faves);
    \Zend_Session::ForgetMe();
    \Zend_Session::destroy(true);
    $this->_redirect('/');
}
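/**
 * Delete a user (JSON endpoint; layout and view rendering are disabled).
 *
 * Requires a logged-in caller and a "userId" parameter. Admin users cannot be
 * deleted. Deleting someone else's account requires admin privileges;
 * deleting one's own account first logs the caller out (outside the test
 * environment) by clearing the user session, the remember-me state and the
 * persistent login cookie, so the session never refers to a deleted user.
 *
 * Emits a JSON array [true, message] on success.
 *
 * @throws Zend_Exception when not logged in, when userId is missing or
 *                        invalid, or when the target user is an admin
 */
public function deleteAction()
{
    // Finish the deletion even if the client disconnects mid-request.
    ignore_user_abort(true);

    if (!$this->logged) {
        throw new Zend_Exception('Must be logged in');
    }
    $userId = $this->getParam('userId');
    if (!isset($userId)) {
        throw new Zend_Exception('Must set a userId parameter');
    }
    $user = $this->User->load($userId);
    if (!$user) {
        throw new Zend_Exception('Invalid user id');
    }
    if ($user->isAdmin()) {
        throw new Zend_Exception('Cannot delete an admin user');
    }

    // Loose comparison kept on purpose: the two keys may come back with
    // different scalar types (e.g. int vs numeric string) from the DAO layer.
    $deletingOwnAccount = $this->userSession->Dao->getKey() == $user->getKey();
    if (!$deletingOwnAccount) {
        $this->requireAdminPrivileges();
    } elseif (!$this->isTestingEnv()) {
        // log out if user is deleting his or her own account
        session_start();
        $this->userSession->Dao = null;
        Zend_Session::ForgetMe();
        $request = $this->getRequest();
        // Expire the persistent-login cookie: empty value, expiry one month in
        // the past, path "/" on the request host, Secure taken from
        // configuration (default on), HttpOnly set.
        $expiredAt = new DateTime();
        $expiredAt->sub(new DateInterval('P1M'));
        $cookieSecure = (int) Zend_Registry::get('configGlobal')->get('cookie_secure', 1) === 1;
        setcookie(
            MIDAS_USER_COOKIE_NAME,
            '', // was null, which is deprecated as a string argument since PHP 8.1
            $expiredAt->getTimestamp(),
            '/',
            $request->getHttpHost(),
            $cookieSecure,
            true
        );
    }

    $this->_helper->viewRenderer->setNoRender();
    $this->disableLayout();

    $name = $user->getFirstname() . ' ' . $user->getLastname();
    $this->User->delete($user);
    $this->getLogger()->debug('User ' . $name . ' successfully deleted');
    echo JsonComponent::encode(array(true, 'User ' . $name . ' successfully deleted'));
}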